-rw-r--r-- | it_html.class | 4 | ||||
-rwxr-xr-x | tests/it_html.t | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/it_html.class b/it_html.class index 039f649..2175dd3 100644 --- a/it_html.class +++ b/it_html.class @@ -395,13 +395,13 @@ function sanitize($html) { # Link tags, keeps only href attribute list($head, $href, $content, $tail) = $tag; - $result .= it_html::sanitize($head) . '<a href="' . it_html::Q(html_entity_decode($href), ENT_COMPAT, $charset) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail); + $result .= it_html::sanitize($head) . '<a href="' . it_html::Q(it_html::U(html_entity_decode($href, ENT_COMPAT, $charset))) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail); } else if ($tag = it::match('(.*)<img\b[^>]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html)) { # Image tags, keeps only src attribute list($head, $src, $tail) = $tag; - $result .= it_html::sanitize($head) . '<img src="' . it_html::Q(html_entity_decode($src, ENT_COMPAT, $charset)) . '" alt="" />' . it_html::sanitize($tail); + $result .= it_html::sanitize($head) . '<img src="' . it_html::Q(it_html::U(html_entity_decode($src, ENT_COMPAT, $charset))) . '" alt="" />' . it_html::sanitize($tail); } else if ($tag = it::match("(.*)<(br|/tr)\b[^>]*>(.*)", $html)) { diff --git a/tests/it_html.t b/tests/it_html.t index 9c05341..3b4dc2f 100755 --- a/tests/it_html.t +++ b/tests/it_html.t 
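Review bot: On both changed `$result .=` lines the URL is matched against `$urlpattern` before `html_entity_decode()` and `it_html::U()` run, so the string written into `href`/`src` is not the string that was validated. `$urlpattern` is defined outside this hunk, so whether it admits entity-encoded characters cannot be confirmed here; if it does, decoding could produce a scheme or host the pattern was meant to exclude, and U() additionally rewrites `\` to `/` (per the tests in this commit). Consider normalising first and re-checking before output, e.g. `$url = it_html::U(html_entity_decode($href, ENT_COMPAT, $charset));` followed by `if (it::match('^(' . $urlpattern . ')$', $url))`, and otherwise emitting only the sanitized link text without the anchor. sanitize() begins and ends outside the hunk.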
@@ -91,11 +91,11 @@ is( ); is( - it_html::sanitize(" \r \n " . ' <p><a href="http://www.flickr.com/people/swisspics/">swisspics</a> posted < < ä & yesterday <b>a <i>photo</i></b> <b><i>tag missmatch</b></i>:</p><br><BR /> + it_html::sanitize(" \r \n " . ' <p><a href="http://www.flickr.com/people/swisspics%/">swisspics</a> posted < < ä & yesterday <b>a <i>photo</i></b> <b><i>tag missmatch</b></i>:</p><br><BR /> <P><a href="javascript:window.close()" title="Wolken"><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" width="240" height="180" alt="Wolken" style="border: 1px solid #ddd;" /></a></p> '), - ' <a href="http://www.flickr.com/people/swisspics/">swisspics</a> posted < < ä & yesterday a <i>photo</i> <i>tag missmatch</i>:<br /><br /> <p><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" alt="" /></p> ', + ' <a href="http://www.flickr.com/people/swisspics%25/">swisspics</a> posted < < ä & yesterday a <i>photo</i> <i>tag missmatch</i>:<br /><br /> <p><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" alt="" /></p> ', 'it_html::sanitize tag soup' ); @@ -134,12 +134,12 @@ is( is( U('%% %1%x %1x%x1%xx%11%ff%FF'), '%25%25+%251%25x+%251x%25x1%25xx%11%ff%FF', - 'quoting of % if not followed by 2 hex digits' + 'U() quoting of % if not followed by 2 hex digits' ); is( U('a\\b'), 'a/b', - 'converting of \ to /' + 'U() converting of \ to /' ); ?> |
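Review bot: The updated "tag soup" fixture puts a stray `%` only in the `href`, so the `<img src>` branch that received the same `it_html::U()` wrapping in this commit is not exercised with a malformed percent sequence. Adding one to the image URL in the same fixture (constructed example: `..._m%.jpg` in the input, `..._m%25.jpg` in the expected output) would pin both branches. A case where the attribute already holds a valid escape such as `%2F` would also confirm that sanitize() does not double-encode, which the existing U() test checks only at the helper level.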